|
| From: | Reinhard Max |
| Subject: | Re: [avrdude-dev] [patch #8311] Add IPv6 support to the -Pnet:host:port option |
| Date: | Tue, 11 Feb 2014 02:07:07 +0100 (CET) |
| User-agent: | Alpine 2.11 (LSU 23 2013-08-11) |
On Mon, 10 Feb 2014 at 22:08, Bob Paddock wrote:
On Mon, Feb 10, 2014 at 1:20 PM, Reinhard Max <address@hidden> wrote:Change name resolution from gethostbyname() to getaddrinfo()...I don't know if this is relevant here but did want to point it out, just in case. This bug was fixed in GNU C Lib 2.19 released a few days ago: * CVE-2013-4458 Stack overflow in getaddrinfo with large number of results for AF_INET6 has been fixed (Bugzilla #16072).
Thanks for the notification, but this shouldn't be relevant here, as avrdude is typically used in trusted environments and not against arbitrary hosts whose admins might try to set up DNS records that try to exploit this.
Also, as getaddrinfo() is used by the majority of network code these days, I expect vendors to provide the updates for glibc rather quickly, because there are other applications out there which are by far more at risk than avrdude.
cu
Reinhard
| [Prev in Thread] | Current Thread | [Next in Thread] |